Security Affairs

Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

Researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and India.

Korean Air discloses data breach after the hack of its catering and duty-free supplier

Korean Air suffered a data breach after its in-flight catering supplier Korean Air Catering & Duty-Free (KC&D) was hacked, exposing personal data of ~30,000 Korean Air employees.

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

CISA has added a critical vulnerability in the Digiever DS-2105 Pro network video recorder to its Known Exploited Vulnerabilities catalog. This vulnerability, identified as CVE-2023-52163, has a CVSS score of 8.8.

Experts found an unsecured 16TB database containing 4.3B professional records

An unsecured 16TB MongoDB database containing 4.3 billion professional records was discovered, posing a significant risk for large-scale AI-driven social engineering attacks. The database included LinkedIn-style data.

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

The FBI issued a warning about a new scam where criminals manipulate online photos to create fake "proof-of-life" images for virtual kidnapping scams. These involve criminals posing as kidnappers, demanding ransom, and using altered images.

Maximum-severity XXE vulnerability discovered in Apache Tika

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. The vulnerability lets attackers trigger an XXE injection in Apache Tika’s core, PDF, and parser modules.

Contagious Interview campaign expands with 197 npm packages spreading new OtterCookie malware

The "Contagious Interview" campaign, linked to North Korean threat actors, has expanded with the addition of 197 new malicious npm packages. This campaign targets software developers in the crypto and Web3 sectors.

For the first time, a RomCom payload has been observed being distributed via SocGholish.

RomCom malware, linked to Russian military intelligence unit GRU Unit 29155, has been observed using the SocGholish fake browser update framework to deliver a Mythic C2 agent, targeting a U.S. civil engineering firm with ties to Ukraine.

Harvard reports vishing breach exposing alumni and donor contact data

Harvard University has disclosed a data breach targeting its Alumni Affairs and Development systems, caused by a vishing attack. It led to the unauthorized access of sensitive contact and biographical information of university affiliates.

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

A data breach has affected Italy’s national railway operator, Ferrovie dello Stato Italiane, following a successful cyberattack on its digital services provider, Almaviva. Threat actors claim to have exfiltrated 2.3 TB of highly sensitive info.
